People of Kuma – Massimo Marini

People of Kuma – Massimo Marini

Meet Massimo, our Senior Analyst. He served in the US Peace Corps in Ukraine as a teacher and harm reduction specialist, he helped start the first needle-exchange program approved by the California Department of Public Health, and he plays competitive pool in a league.

Tell us about your role. What’s a typical day like?

As a Senior Analyst at Kuma, I manage multiple clients by providing vCISO services. I usually open my day with daily calls to check the status of HITRUST certifications or SOC II audits with my clients. From there I get to the outstanding work of the day, which can be vendor security assessments, creation of a slide deck for security subcommittee meetings, or contract and policy reviews.

What’s been your proudest moment at Kuma?

In NIST Special Publication 800-53, a late-stage requirement is the establishment of a continuous monitoring program (CMP) to maintain system security and support organizational risk management decisions. My proudest moment was developing and automating this work for one of my clients, then another, to the point where the CMP was finally mature enough to become available as a new, independent line of business for Kuma and a service to new clients.

What do your friends think you do?

Honestly, most people think I work in physical security, like a fancy security guard at a data center when I only tell them “IT security”. After that, my friends think that I’m an auditor of IT security systems or a version of a white-hat hacker.

If you could do another job for just one day, what would it be and why?

Working on an oil rig seems like an interesting change of pace. I know it’s a dangerous job, so it must be one where you must maintain your attention, your awareness, and sheer nerves. What a rush!

Who inspires you?

Coming from a decade of community work prior to working in security, I’ve seen and been around a lot of different inspiring projects and people. For me, it’s about small tangible goals and organizations that have an almost singular purpose for existing. For example, having a group of volunteers available to come and collect extra fruit from fruit trees, who then donate that surplus to food pantries. Or my friend who started a project where she would help young women who had court appearances dress appropriately for court. Admittedly very niche goals, but the work is just and the need so often overlooked.

What’s your favorite local business?

Sola Coffee Café is a nice local coffee house with a fine selection of tasty treats. I know a coffee house may not be an original answer, but the fact that I never hung around coffee houses before Sola makes me think it’s special.

What advice do you have for someone interested in joining the privacy and security sector?

Try not to be overwhelmed with all the information you don’t know. Yes, it can feel like drinking from a fire hose sometimes, but stick with the skills that helped you get into the field. Once you are confident in those, start to expand to other areas of interest or need.